Skip to content
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

Ravie LakshmananJun 24, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive… 

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to… 

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Ravie LakshmananJun 24, 2026Open Source / Supply Chain Security Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern”… 

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Ravie LakshmananJun 24, 2026Vulnerability / Network Security Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM… 

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

Ravie LakshmananJun 23, 2026Initial Access Broker / Firewall Security A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over… 

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the… 

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

Swati KhandelwalJun 23, 2026Cryptography / Quantum Computing President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by… 

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

Ravie LakshmananJun 23, 2026Workflow Security / Software Supply Chain GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow”…